Information security systems, such as computer network based systems employing public key techniques to encrypt and decrypt data, typically use a certification authority, such as a series of network servers to generate certificates that are used by network nodes or other certificate issuing units, to verify, among other things, that other communications sent by subscribers are valid. Computer network security systems are known which allow network nodes to have several software applications that use the same security enforcement rules by having a cryptographic application which is accessible by each of the applications. For example, an e-mail application may access the cryptographic engine to encrypt e-mail messages. Likewise, a financial document generation application may also allow access to the cryptographic engine to encrypt financial documents that may be transferred over communication links.
Conventional systems typically encode security policy rules in the network nodes (eg. a subscriber unit) so that a node requires upgraded software each time a security officer changes a policy rule. Some global policies include, for example, a lifetime of a password, whether or not passwords can be reused, password length, the type of cryptographic keys allowable for a particular node, and other policies. Increasingly, information security systems are becoming larger and larger. For example, a system may include dozens or hundreds of certificate issuing units or network servers that are used to generate certificates for hundreds, thousands and even hundreds of thousands of subscribers. As know in the art, one structure for facilitating verification of certificates in trusted information security systems, includes the implementation of a rooted hierarchy. In such a trust hierarchy, the root authority (or trust authority) serves as the trusted source and signs certificates for lower tiered or subordinate certification units. The subordinate authorities act as the starting trust anchors or local authorities for a specified number of subscribers. Each subscriber then obtains a certificate signed by the local verification authority to determine whether another subscriber within the system is trusted, based on whether or not a signed certificate by a trusted authority is deemed valid by a subscriber.
However, it is desirable to provide policy control flexibility in instances where policy rules need to be changed on a per application or per subscriber basis each time, for example, a subscriber logs in to the system or for any other suitable purpose. In addition, as information security systems become more complex, differing subscribers may have differing security needs and therefore it would be desirable to have a system that is flexible in providing centralized policy rules to each subordinate unit instead of requiring each subordinate unit to know and maintain policy rules of the entire system or require the root authority to control all policy rules. As such, it would be desirable to have a root policy provider be able to delegate to subordinate certificate issuing units within the system. However, such a system should accommodate, dynamically, variations and changes in policy rules.
In addition, typical rooted hierarchies have a single anchor of trust. Each certificate issuing unit then has a corresponding certificate that is signed by the root certificate issuing unit so that the subscribers trust the signature applied by each of their anchor (local) certificate authorities. Some systems also allow cross certification by one certification authority with another certification authority so that the subscribers may more efficiently obtain verification from a subsequent certification authority where desired. However, it would be desirable to allow cross certification of outside agencies or outside nodes from the primary trust community to readily expand the operational community for subscribers. Also, the centralized policy control should also be maintained to provide a more secure system.
Consequently, there exists a need for an information security system that provides flexible policy delegation in a rooted hierarchy system to allow added certification authorities to provide policy rule information either to additional subordinate certification authorities and/or to subscribers. Such a system should allow a variation of trust anchors for a subscriber to facilitate trust adjustment to reduce compromises to a certification authority in the hierarchy. It would also be desirable if such a system employed inter-certification authority verification messages to facilitate dynamic selection of validation starting authorities among the subordinate authorities.